CVE-2010-5104
TYPO3 Sensitive Information Disclosure via escapeStrForLike method
EPSS 0.77%
Description
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
How to fix CVE-2010-5104
To remediate CVE-2010-5104, upgrade the affected package to a fixed version below.
- Packagist/typo3/cms-core—upgrade to 4.2.16 or later
Is CVE-2010-5104 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 4.2.0, < 4.2.16